Full-disk encryption (FDE) encrypts the entire storage device of a machine — including the operating system, applications, and temporary files. Without the correct password, PIN, or hardware key, the contents remain unreadable.
Common solutions include BitLocker (Windows), FileVault (macOS), and LUKS (Linux). FDE primarily protects against device loss or theft: without decryption, a finder or thief cannot access any data. FDE only fully protects powered-off devices or those in hibernation — a running, unlocked device remains vulnerable. ISO 27001 Annex A (A.8.24) requires the use of cryptography to protect information, and FDE is the baseline measure for mobile devices.